If you use ApplicationPoolIdentity for your application pool, you may have problem with specifying permission for that "virtual" user in registry editor (there is not such user in system).
So, use subinacl - command-line tool that enables set registry ACL's, or something like this.